xref: /freebsd/crypto/heimdal/lib/hdb/hdb.schema (revision af23369a6deaaeb612ab266eb88b8bb8d560c322)
1# Definitions for a Kerberos V KDC schema
2#
3# $Id$
4#
5# This version is compatible with OpenLDAP 1.8
6#
7# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
8#
9# Syntaxes are under 1.3.6.1.4.1.5322.10.0
10# Attribute types are under 1.3.6.1.4.1.5322.10.1
11# Object classes are under 1.3.6.1.4.1.5322.10.2
12
13# Syntax definitions
14
15#krb5KDCFlagsSyntax SYNTAX ::= {
16#   WITH SYNTAX            INTEGER
17#--        initial(0),             -- require as-req
18#--        forwardable(1),         -- may issue forwardable
19#--        proxiable(2),           -- may issue proxiable
20#--        renewable(3),           -- may issue renewable
21#--        postdate(4),            -- may issue postdatable
22#--        server(5),              -- may be server
23#--        client(6),              -- may be client
24#--        invalid(7),             -- entry is invalid
25#--        require-preauth(8),     -- must use preauth
26#--        change-pw(9),           -- change password service
27#--        require-hwauth(10),     -- must use hwauth
28#--        ok-as-delegate(11),     -- as in TicketFlags
29#--        user-to-user(12),       -- may use user-to-user auth
30#--        immutable(13)           -- may not be deleted
31#   ID                     { 1.3.6.1.4.1.5322.10.0.1 }
32#}
33
34#krb5PrincipalNameSyntax SYNTAX ::= {
35#   WITH SYNTAX            OCTET STRING
36#-- String representations of distinguished names as per RFC1510
37#   ID                     { 1.3.6.1.4.1.5322.10.0.2 }
38#}
39
40# Attribute type definitions
41
# krb5PrincipalName -- the unparsed Kerberos principal name (see DESC).
# Stored as an IA5 String (...121.1.26) and compared with caseExactIA5Match,
# so two values that differ only in letter case are different values.
# SINGLE-VALUE: an entry carries at most one principal name.
# NOTE(review): a schema cannot require this value to be unique across
# entries; confirm that the directory or the KDC backend rejects duplicates,
# otherwise a lookup by principal name can match more than one entry.
attributetype ( 1.3.6.1.4.1.5322.10.1.1
    NAME 'krb5PrincipalName'
    DESC 'The unparsed Kerberos principal name'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE
    )
48
# krb5KeyVersionNumber -- one INTEGER (...121.1.27) per entry, compared with
# integerMatch. It is the only attribute that krb5KDCEntry lists under MUST.
# NOTE(review): presumably the version number of the keys held in krb5Key;
# the schema does not tie the two together, so confirm against the backend.
attributetype ( 1.3.6.1.4.1.5322.10.1.2
    NAME 'krb5KeyVersionNumber'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE
    )
54
# krb5MaxLife -- one INTEGER per entry, compared with integerMatch.
# NOTE(review): presumably the maximum ticket lifetime for the principal;
# neither the unit nor an upper bound is stated in the schema, so the
# directory accepts any integer. Treat write access to this attribute as
# a change to ticket policy and confirm the unit against the KDC backend.
attributetype ( 1.3.6.1.4.1.5322.10.1.3
    NAME 'krb5MaxLife'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE
    )
60
# krb5MaxRenew -- one INTEGER per entry, compared with integerMatch.
# NOTE(review): presumably the maximum renewable lifetime for the
# principal; as with krb5MaxLife the schema states no unit and no bound,
# so any limit has to be enforced by the KDC or by directory policy.
attributetype ( 1.3.6.1.4.1.5322.10.1.4
    NAME 'krb5MaxRenew'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE
    )
66
# krb5KDCFlags -- one INTEGER per entry, compared with integerMatch.
# The commented-out krb5KDCFlagsSyntax at the top of this file names the bit
# positions, initial(0) through immutable(13). That syntax is not registered,
# so the directory stores a plain integer and validates none of the bits.
# The bits include invalid(7), require-preauth(8) and require-hwauth(10):
# whoever may modify this attribute decides whether an entry is usable and
# whether pre-authentication is demanded. Limit write access in the
# directory ACLs to the identity that administers the KDC database.
attributetype ( 1.3.6.1.4.1.5322.10.1.5
    NAME 'krb5KDCFlags'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE
    )
72
# krb5EncryptionType -- INTEGER values compared with integerMatch.
# No SINGLE-VALUE clause, so an entry may carry several values.
# NOTE(review): presumably Kerberos encryption type numbers for the
# principal; the schema accepts any integer, so restricting weak types is
# left to the KDC configuration -- confirm how the backend uses the values.
attributetype ( 1.3.6.1.4.1.5322.10.1.6
    NAME 'krb5EncryptionType'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    )
77
# krb5ValidStart -- one Generalized Time value (...121.1.24) per entry.
# Declares both an equality and an ordering rule, so the attribute can be
# used in range filters (>=, <=) as well as exact matches.
# NOTE(review): presumably the time from which the principal is valid;
# the schema does not relate it to krb5ValidEnd.
attributetype ( 1.3.6.1.4.1.5322.10.1.7
    NAME 'krb5ValidStart'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE
    )
84
# krb5ValidEnd -- one Generalized Time value (...121.1.24) per entry, with
# equality and ordering rules, so range filters (>=, <=) work on it.
# NOTE(review): presumably the time after which the principal is no longer
# valid; an entry without this optional attribute has no end time recorded
# in the directory -- confirm how the KDC treats a missing value.
attributetype ( 1.3.6.1.4.1.5322.10.1.8
    NAME 'krb5ValidEnd'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE
    )
91
# krb5PasswordEnd -- one Generalized Time value (...121.1.24) per entry, with
# equality and ordering rules, so range filters (>=, <=) work on it.
# NOTE(review): presumably the password expiry time; the attribute is
# optional in krb5KDCEntry, so expiry is only recorded where it is set.
attributetype ( 1.3.6.1.4.1.5322.10.1.9
    NAME 'krb5PasswordEnd'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE
    )
98
# krb5Key -- an encoded ASN.1 key held as a Binary value (...121.1.5).
# This representation is temporary; keys will eventually be child entries
# or compound attributes.
# No SINGLE-VALUE clause, so an entry may carry several keys. No EQUALITY
# rule is declared, so values are not matched by equality filters.
# The values are key material for the principal. Nothing in a schema limits
# who can read an attribute: the directory ACLs must restrict read, search,
# compare and write on krb5Key to the identity the KDC and its admin tools
# bind as, and replicas, backups and LDIF exports of the tree carry the same
# values and need the same protection.
# NOTE(review): whether the stored keys are additionally encrypted under a
# master key is not visible from this schema -- confirm in the KDC setup.
attributetype ( 1.3.6.1.4.1.5322.10.1.10
    NAME 'krb5Key'
    DESC 'Encoded ASN1 Key as an octet string'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
    )
105
# krb5PrincipalRealm -- the DN of a krb5Realm entry (see DESC).
# Derived from distinguishedName via SUP, so syntax and matching rules are
# inherited rather than declared here. No SINGLE-VALUE clause.
# The directory checks only that the value is a well-formed DN; it does not
# check that the target entry exists or carries the krb5Realm class.
attributetype ( 1.3.6.1.4.1.5322.10.1.11
    NAME 'krb5PrincipalRealm'
    DESC 'Distinguished name of krb5Realm entry'
    SUP distinguishedName
    )
110
# krb5RealmName -- an Octet String (...121.1.40) with a declared length bound
# of 128, compared byte for byte with octetStringMatch, so realm names that
# differ only in letter case are different values.
# No SINGLE-VALUE clause, so an entry may carry several realm names.
# NOTE(review): whether the {128} bound is enforced depends on the server.
attributetype ( 1.3.6.1.4.1.5322.10.1.12
    NAME 'krb5RealmName'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128}
    )
115
116# Object class definitions
117
# krb5Principal -- auxiliary class that attaches a Kerberos principal name to
# an existing entry. krb5PrincipalName is mandatory; cn and
# krb5PrincipalRealm are optional.
# Being AUXILIARY, it can be added to any entry whose structural class the
# directory allows to be extended, so the right to add this class to an
# entry is the right to create a principal name in the tree.
objectclass ( 1.3.6.1.4.1.5322.10.2.1
    NAME 'krb5Principal'
    SUP top
    AUXILIARY
    MUST ( krb5PrincipalName )
    MAY ( cn $
          krb5PrincipalRealm )
    )
124
# krb5KDCEntry -- auxiliary class that extends krb5Principal with the fields
# of a KDC database record. krb5KeyVersionNumber is mandatory (and, through
# SUP krb5Principal, so is krb5PrincipalName); the rest are optional.
# The optional set mixes policy fields with key material (krb5Key), so write
# the directory ACLs per attribute rather than per entry: an identity that
# may read a principal's name and validity times does not need krb5Key.
objectclass ( 1.3.6.1.4.1.5322.10.2.2
    NAME 'krb5KDCEntry'
    SUP krb5Principal
    AUXILIARY
    MUST ( krb5KeyVersionNumber )
    MAY ( krb5ValidStart $
          krb5ValidEnd $
          krb5PasswordEnd $
          krb5MaxLife $
          krb5MaxRenew $
          krb5KDCFlags $
          krb5EncryptionType $
          krb5Key )
    )
133
# krb5Realm -- auxiliary class that marks an entry as a Kerberos realm.
# krb5RealmName is the only attribute it requires, and it allows no others.
# krb5PrincipalRealm values are described as DNs of entries of this class.
objectclass ( 1.3.6.1.4.1.5322.10.2.3
    NAME 'krb5Realm'
    SUP top
    AUXILIARY
    MUST ( krb5RealmName )
    )
139
140